<?php
  $nonce = intval($_POST['nonce']);
  $tdiff = time()-$nonce;
  if ($tdiff<0 || $tdiff>300)
  {
     header("HTTP/1.0 408 Request Timeout");
  }
  else
  {
     chdir($_ENV["DOCUMENT_ROOT"]."/../hurts");
     $lines = file("passwd.txt", FILE_IGNORE_NEW_LINES);
     $passwd = $lines[0];

     $postdata = $_POST['data'];
     $action = $_POST['action'];
     $md5Val = $_POST['md5'];
     $params = $_POST['params'];
     $auth = md5($action . $params . $postdata . $nonce . $passwd );
     if ($auth==$md5Val)
     {
        $data = gzuncompress($postdata);

        $filename ="";
        if ($action=="run")
           $filename = tempnam("scripts","").".n";
        elseif ($action=="wput")
        {
           chdir($_ENV["DOCUMENT_ROOT"]);
           $filename = $params;
        }
        elseif ($action=="put")
        {
           chdir($_ENV["DOCUMENT_ROOT"]."/..");
           $filename = $params;
        }

        if ($filename=="")
        {
           header("HTTP/1.0 400 Bad Action");
        }
        else
        {
           $handle = fopen($filename, "w");
           fwrite($handle, $data);
           fclose($handle);
           if ($action=="run")
           {
              putenv("LD_LIBRARY_PATH=.");
              echo passthru("./neko " . $filename . " " . escapeshellarg($params));
              unlink($filename);
           }
           else
              echo "Wrote " . $filename;
        }
     }
     else
     {
        header("HTTP/1.0 403 Forbidden");
     }
  }
?> 
